ICD Brief 23.

24.12.2016. – 01.01.2017.

This edition cites cyber intrusions on US, Turkey and Ukraine energy grids, features on cyberwar and cyber deterrence, and reports on increased cooperation in cyber acquisitions and regulations. We’ve linked headlines for the quickest read, followed by linked summaries.

USA

2016 In Review: White House Prioritizes Cybersecurity Policy
“Less than a year removed from the unsettling news of massive hacks at the Office of Personnel Management, the Obama administration made concerted efforts in early 2016 to shore up agencies’ cybersecurity governmentwide with new policies and funding proposals. With the release of the president’s fiscal 2017 budget request in February, the administration launched the Cybersecurity National Action Plan. Here is what happened during the rest of the year in cybersecurity policy.”

US Cyber Fraud: Three Men Accused of $4m Insider Deal
“Three Chinese citizens accused of hacking into computers of American law firms advising on company mergers have been charged with multi-million dollar cyber fraud in New York. Prosecutors said the trio made more than $4m by using information they obtained through hacking into some of the top law firms. They profited by buying stock in firms imminently about to be acquired. One of the defendants has been arrested while the other two are still at large.”

US Posts Rules for Addressing Cyber Bugs In Medical Devices
“The U.S. government on Tuesday issued rules for addressing cyber vulnerabilities in medical devices, providing manufacturers with guidelines for fixing security bugs in equipment, including pacemakers, insulin pumps and imaging systems.”

Russia Penetrated Vermont Utility Company Computer
“Malicious software believed tied to a Russian hacking group associated with attempts to influence the U.S. presidential election was found Friday within a computer that belongs to Burlington Electric, one of Vermont’s electrical utilities. The utility found the malware on a laptop not connected to the operation of the grid, said Commissioner Christopher Recchia of Vermont’s Public Service Department.”

Cyber experts not surprised by Russian hack on US power company
“Here is what analysts are saying about the Russian malware that showed up on the Burlington Electric computer:”

FBI and Homeland Security Detail Russian Hacking Campaign In New Report
“The US Department of Homeland Security (DHS) and FBI have released an analysis of the allegedly Russian government-sponsored hacking groups blamed for breaching several different parts of the Democratic party during the 2016 elections. The 13-page document, released on Thursday and meant for information technology professionals, came as Barack Obama announced sanctions against Russia for interfering in the 2016 elections. The report was criticized by security experts, who said it lacked depth and came too late.”

The Cybersecurity Priority for DHS in 2017
“As one of his first national security appointments, President-elect Donald Trump has selected retired Marine Gen. John F. Kelly to lead the Department of Homeland Security. Kelly is widely recognized for his expertise in counterterrorism, his dedication, composure and intellect. He is especially known for his excellent leadership skills honed by more than 40 years of military service, including as the commander of U.S. Southern Command. One area where DHS is certain to continue to assume a special role and profile is cybersecurity. Cybersecurity is a major challenge to the nation’s economic and security welfare.”

New York State Revises Its Sweeping Cyber Regulation Proposal for Financial Sector
“The New York State Department of Financial Services (DFS) on Wednesday released a revised draft of an ambitious regulation designed to protect the state and its citizens from cyberattacks against financial institutions. Described as the first of its kind in the U.S., the proposed regulation requires banks, insurance companies and other financial services institutions overseen by DFS to develop a cybersecurity program – as well as a written policy – that protects the integrity and privacy of confidential data, including personally identifiable information.”

Insurance group: Revisions in New York’s proposed cyber regulations ‘a good step’
“The American Insurance Association (AIA) is encouraged by the New York Department of Financial Services (DFS) revised cyber security regulation. Announced yesterday in the New York State Registrar, the new effective date of the regulation, following a 30-day public review period, will be March 1, 2017. While the regulation continues to be quite broad in scope, there have been some improvements in the revised regulation to provide financial institutions with greater flexibility in creating cybersecurity programs that best fits their risk profile.”

China

“It has been a tough year in China for America’s technology companies. Uber sold off its operations there. Beijing ordered some of Apple’s services shuttered. And Microsoft faced a new inquiry. Now, in the final days of 2016, China’s internet regulator suggested the coming year may be even trickier. A report by the regulator on Tuesday suggested it would formalize a cybersecurity review system on tech products in the country.”

Huawei intends to use Hexatier’s technology to set up a research and development centre in Israel for databases in the cloud. The negotiations follow a visit by Huawei Chief Executive Officer Ren Zhengfei to Israel several weeks ago.”

Russia

Moscow’s Cyber Strategy Crystallized in 2013 Article
“Russia’s military laid out what is now seen as a blueprint for cyberwarfare with a 2013 article in a professional journal by Gen. Valery Gerasimov, the chief of Russia’s General Staff. Cyberspace, wrote Gen. Gerasimov, ‘opens wide asymmetrical possibilities for reducing the fighting potential of the enemy.’
At the time, Russia’s military was absorbing the lessons of the Arab Spring, when social media played a key role in mobilizing leaderless protests that upended the political order across North Africa and the Middle East.”

South Korea

NK hackers could disable US Pacific Command: report
“A cyberattack by North Koreans could potentially knock out the computer network for the US Pacific Command, warned a report by a state-run agency for the analysis of defense technology. According to the Defense Agency for Technology and Quality, a recent simulation by the Pentagon showed that a full-blown cyberattack by Pyongyang has the capacity to “paralyze” the control center for the USPACOM while inflicting damage upon the power grid in US mainland.”

Turkey

Major cyber-attack on Turkish Energy Ministry claimed
“Sources from the Energy Ministry claim that a major cyber-attack is the source of the widespread electricity cuts across Istanbul in recent days, according to reports in the Turkish media. “The attacks are generally aiming to seize Internet sites and secure infiltration,” a senior anonymous source said on Dec. 31, as quoted by state-run Anadolu Agency.”

Insurance

“Chubb has expanded its suite of cyber loss mitigation services for U.S. and Canadian policyholders to reduce the impact and likelihood of a cyber incident. Chubb’s expanded suite of cyber services for loss mitigation includes password defense, online cyber education and premier cyber partner network.”

Technology Trends for 2017 in the Insurance Industry
“Technology trends and new business models are transforming the insurance industry by leaps and bounds. The top priority of insurance company today is profitable & sustainable growth and to enable this, the global insurance carriers are taking all possible measures to deploy innovative technology for improving the business processes and streamlining legacy applications. To know more, let us focus on some of the innovative technology trends for digital insurance that will transform the insurance industry in 2017.”